EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2
Jasmin Landry
JR0ch17
Lead, IT & Security at
Montreal Canadiens fan

GET /agenda HTTP/2
EASM
Common mistakes
Hacker perspective

GET /EASM HTTP/2
What exactly is EASM?
What does it cover?
Why is it important?

GET /common_mistakes HTTP/2
Lack of Change Management
Not respecting Least Privilege
Misconfigured WAFs
Cloud misconfigs (S3 buckets)

GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change

GET /thanks HTTP/2
Thank you for listening
Questions?
More questions? DMs are open on and